Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2023-52513: kernel: RDMA/siw: Fix connection failure handling (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Red Hat: CVE-2023-52513: kernel: RDMA/siw: Fix connection failure handling (Multiple Advisories)

Severity
4
CVSS
(AV:L/AC:L/Au:M/C:N/I:N/A:C)
Published
03/02/2024
Created
06/07/2024
Added
06/06/2024
Modified
06/06/2024

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix connection failure handling In case immediate MPA request processing fails, the newly created endpoint unlinks the listening endpoint and is ready to be dropped. This special case was not handled correctly by the code handling the later TCP socket close, causing a NULL dereference crash in siw_cm_work_handler() when dereferencing a NULL listener. We now also cancel the useless MPA timeout, if immediate MPA request processing fails. This patch furthermore simplifies MPA processing in general: Scheduling a useless TCP socket read in sk_data_ready() upcall is now surpressed, if the socket is already moved out of TCP_ESTABLISHED state.

Solution(s)

  • redhat-upgrade-kernel
  • redhat-upgrade-kernel-rt

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;